[apple/security.git] / SecurityTests / clxutils / dotMacTool / README

dotMacTool notes May 4 2004

-- for now you need this in /etc/hosts:

# for INT2
17.207.20.182 int-cert certmgmt.mac.com certinfo.mac.com

# or, for INT1
17.207.43.109 qa-cert certmgmt.mac.com certinfo.mac.com

-- A good way to run tcpdump to show HTTP traffic on port 2150:

   tcpdump -i en0 -s 0 -A -q tcp port 2150

-- renew cert for existing account doug1 with password 123456:

tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/c2.pem
<<<snip away debug logging>>>
...cert acquisition complete
...2496 bytes of Cert written to /tmp/c2.pem

==============================================

-- demo queued response and retrieval
   -- set FORCE_SUCCESS_QUEUED to 1 in dotMacTpRpcGlue.cpp, this turns a full
      success RPC into a successQueued RPC
	  
tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/refid.pem
<<<snip away debug logging>>>
...Forcing REQ_QUEUED status
...cert acquisition complete
...105 bytes of Cert written to /tmp/refid.pem

...then lookup....

tower.local:dotMacTool> dotMacTool l -f /tmp/refid.pem -o /tmp/cert.pem
<<<snip away debug logging>>>
...cert retrieval complete
...10010 bytes of cert data written to /tmp/cert.pem

==============================================

TO DO
-----

-- DOT_MAC_LOOKUP_ID_PATH* consts in dotMacTp.h will change to allow loopkup of one 
   specific cert
-- DOT_MAC_SIGN_HOST_NAME and DOT_MAC_LOOKUP_HOST will change to avoid the port 2150

..........

Aug 10 testing

-- use INT1 environment
Commit	Line	Data
d8f41ccd A	1	dotMacTool notes May 4 2004
	2
	3	-- for now you need this in /etc/hosts:
	4
	5	# for INT2
	6	17.207.20.182 int-cert certmgmt.mac.com certinfo.mac.com
	7
	8	# or, for INT1
	9	17.207.43.109 qa-cert certmgmt.mac.com certinfo.mac.com
	10
	11	-- A good way to run tcpdump to show HTTP traffic on port 2150:
	12
	13	tcpdump -i en0 -s 0 -A -q tcp port 2150
	14
	15	-- renew cert for existing account doug1 with password 123456:
	16
	17	tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/c2.pem
	18	<<<snip away debug logging>>>
	19	...cert acquisition complete
	20	...2496 bytes of Cert written to /tmp/c2.pem
	21
	22	==============================================
	23
	24	-- demo queued response and retrieval
	25	-- set FORCE_SUCCESS_QUEUED to 1 in dotMacTpRpcGlue.cpp, this turns a full
	26	success RPC into a successQueued RPC
	27
	28	tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/refid.pem
	29	<<<snip away debug logging>>>
	30	...Forcing REQ_QUEUED status
	31	...cert acquisition complete
	32	...105 bytes of Cert written to /tmp/refid.pem
	33
	34	...then lookup....
	35
	36	tower.local:dotMacTool> dotMacTool l -f /tmp/refid.pem -o /tmp/cert.pem
	37	<<<snip away debug logging>>>
	38	...cert retrieval complete
	39	...10010 bytes of cert data written to /tmp/cert.pem
	40
	41	==============================================
	42
	43	TO DO
	44	-----
	45
	46	-- DOT_MAC_LOOKUP_ID_PATH* consts in dotMacTp.h will change to allow loopkup of one
	47	specific cert
	48	-- DOT_MAC_SIGN_HOST_NAME and DOT_MAC_LOOKUP_HOST will change to avoid the port 2150
	49
	50	..........
	51
	52	Aug 10 testing
	53
	54	-- use INT1 environment
	55
	56